| |
@@ -219,6 +219,41 @@
|
| |
rootdn_bind(topology_st.standalone, uri=uri)
|
| |
|
| |
|
| |
+ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
|
| |
+ """Test denied IP feature with a wildcard
|
| |
+
|
| |
+ :id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93
|
| |
+ :setup: Standalone instance, rootdn plugin set up
|
| |
+ :steps:
|
| |
+ 1. Set rootdn-deny-ip to '127.*'
|
| |
+ 2. Bind as Root DN
|
| |
+ 3. Change the denied IP so root DN succeeds
|
| |
+ 4. Bind as Root DN
|
| |
+ :expectedresults:
|
| |
+ 1. Success
|
| |
+ 2. Should fail
|
| |
+ 3. Success
|
| |
+ 4. Success
|
| |
+ """
|
| |
+
|
| |
+ log.info('Running test_rootdn_access_denied_ip_wildcard...')
|
| |
+
|
| |
+ plugin.add_deny_ip('127.*')
|
| |
+ time.sleep(.5)
|
| |
+
|
| |
+ # Bind as root DN - should fail
|
| |
+ uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)
|
| |
+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):
|
| |
+ rootdn_bind(topology_st.standalone, uri=uri)
|
| |
+
|
| |
+ # Change the denied IP so root DN succeeds
|
| |
+ plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')])
|
| |
+ time.sleep(.5)
|
| |
+
|
| |
+ # Bind should succeed
|
| |
+ rootdn_bind(topology_st.standalone, uri=uri)
|
| |
+
|
| |
+
|
| |
def test_rootdn_access_denied_host(topology_st, rootdn_setup, rootdn_cleanup):
|
| |
"""Test denied Host feature - we can just test denying localhost
|
| |
|
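Review bot: The second half of test_rootdn_access_denied_ip_wildcard replaces the deny value with the literal `255.255.255.255`, so nothing shows that a wildcard which does not cover the client still lets the root DN bind. A matcher that denied on any wildcard value would pass this test. Replacing it with a non-matching wildcard pins that case, for example `plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '10.*')])`, where `10.*` is a constructed sample value and is assumed to be accepted the same way `127.*` is. The fixed `time.sleep(.5)` after each change also assumes the plugin has picked up the new value within half a second, so either bind check could fail for timing reasons on a loaded host.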
| |
@@ -293,6 +328,42 @@
|
| |
rootdn_bind(topology_st.standalone, uri=uri)
|
| |
|
| |
|
| |
+ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):
|
| |
+ """Test allowed ip feature
|
| |
+
|
| |
+ :id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b
|
| |
+ :setup: Standalone instance, rootdn plugin set up
|
| |
+ :steps:
|
| |
+ 1. Set allowed ip to 255.255.255.255 - blocks the Root DN
|
| |
+ 2. Bind as Root DN
|
| |
+ 3. Allow 127.*
|
| |
+ 4. Bind as Root DN
|
| |
+ :expectedresults:
|
| |
+ 1. Success
|
| |
+ 2. Should fail
|
| |
+ 3. Success
|
| |
+ 4. Success
|
| |
+ """
|
| |
+
|
| |
+ log.info('Running test_rootdn_access_allowed_ip...')
|
| |
+
|
| |
+ # Set allowed ip to 255.255.255.255 - blocks the Root DN
|
| |
+ plugin.add_allow_ip('255.255.255.255')
|
| |
+ time.sleep(.5)
|
| |
+
|
| |
+ # Bind as Root DN - should fail
|
| |
+ uri = 'ldap://{}:{}'.format(localhost, topology_st.standalone.port)
|
| |
+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):
|
| |
+ rootdn_bind(topology_st.standalone, uri=uri)
|
| |
+
|
| |
+ # Allow localhost
|
| |
+ plugin.add_allow_ip('127.*')
|
| |
+ time.sleep(.5)
|
| |
+
|
| |
+ # Bind should succeed
|
| |
+ rootdn_bind(topology_st.standalone, uri=uri)
|
| |
+
|
| |
+
|
| |
def test_rootdn_access_allowed_host(topology_st, rootdn_setup, rootdn_cleanup):
|
| |
"""Test allowed host feature
|
| |
|
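Review bot: The URI in test_rootdn_access_allowed_ip_wildcard is built from `localhost`, which is defined outside this hunk, while the only address allowed at the end is `127.*`. If that name resolves to the IPv6 loopback or to a non-loopback address, the final bind is refused for a reason unrelated to wildcard handling. Using the literal as the denied-IP wildcard test does, `uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)`, keeps the client address inside the pattern under test. The log line still names the non-wildcard test and should read `log.info('Running test_rootdn_access_allowed_ip_wildcard...')`. The docstring summary could also say "with a wildcard", as its denied-IP sibling does.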
| |
The changes in ticket 48027 caused IP addresses containing wildcards to
be rejected.
This changes the set of allowable characters to match that used for the
rootdn-deny-ip attribute.